Researchers warn 500,000 consumer routers infected with malware

27/05/2018

An advanced malware attack, believed to be developed by a nation-state actor, has been discovered by Cisco's Talos Intelligence research division. Known by several names, including APT28, Pawn Storm, Sandworm, Sednit and the Sofacy Group, the hackers are blamed for engineering attacks on the Organization for Security and Cooperation in Europe, the World Anti-Doping Agency, the US Democratic Party as well as several internet disruptions in Ukraine.

The ToKnowAll.com domain seized Wednesday hosted a backup server for uploading a second stage of malware to already-infected routers in the event a primary method, which relied on Photobucket, failed. It's no wonder, then, why the Justice Department announced that it was taking action to disrupt VPNFilter the same day it was revealed.

"The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide".

Cisco researcher Craig Williams told Reuters: "With a network like this you could do anything".

VPNFilter has infected routers in Ukraine in particular at an "alarming rate", with a spike in infections in the Eastern European country on May 8 and May 17. The seizure of ToKnowAll.com is a major coup because it closes a secondary channel and may also provide previously unavailable information the Federal Bureau of Investigation can use to begin the process of helping ISPs and end users disinfect the devices. Researchers can't say for sure who is behind VPNFilter, but say code used by the malware authors overlaps with BlackEnergy malware used in previous attacks in Ukraine. The malware, dubbed VPNFilter according to a Cisco advisory, has managed to infect numerous routers from vendors like Linksys, MikroTik, Netgear and TP-Link, as well as certain network-attached storage devices from companies like QNAP.

"Netgear is investigating and will update this advisory as more information becomes available", a spokesman said in an emailed statement.


Researchers also commented on the complexity of the threat posed, stating: "Defending against this threat is extremely hard due to the nature of the affected devices".

The Kremlin did not immediately respond to a request for comment. Ukraine has repeatedly been the victim of Russian cyberattacks, including the NotPetya ransomware, which US and United Kingdom officials have called the "most destructive cyberattack ever".

The experts said the software tricks users into downloading security updates and is most probably created to target industrial systems and electrical grids.

"It has destructive capability". The Justice Department said that by seizing control of one of the domains involved in running VPNFilter, it will give owners of infected routers a chance to reboot them, forcing them to begin communicating with the now-neutralized command domain. "That's not a capability usually built into malware like this", Cyber Threat Alliance President Michael Daniel said.

The researchers recommend users of small and home office-grade routers and NAS devices reset them to factory defaults and reboot them in order to remove the stage 2 and stage 3 malware, and reach out to device manufacturers to ensure up-to-date patching.
